Postfix’s relaying policy (which clients may send mail through the mail server) is governed by default by the mynetworks parameter. The mynetworks parameter tells Postfix which networks or specific hosts it trusts; mail from those clients is relayed through the mail server to any destination on the basis of this trust. You set the mynetworks parameter to tell Postfix explicitly which networks your installation trusts.

The figure shows an example setup for your always-connected corporate mail server. You can see where the mynetworks parameter comes into use. By default, the mynetworks parameter contains your localhost network (127.0.0.0/8) and the networks of the connections that have been configured on your system.
In this example, you can see the Postfix server in the DMZ (demilitarized zone) on an IP address of 192.168.0.4/24. Your internal network is in the subnet of 10.0.0.0/24. Given Postfix’s default mynetworks parameter, the 10.0.0.0/24 network will not be allowed to relay mail through Postfix because it is not part of the Postfix server’s network. To remedy this, you need to add the 10.0.0.0/24 network to the mynetworks clause:
mynetworks = 127.0.0.0/8, 192.168.0.0/24, 10.0.0.0/24


This entry now allows relaying from localhost, the DMZ network, and also your internal network.
Once mynetworks has been configured, it is the smtpd_recipient_restrictions parameter that actually allows the relaying to take place. As you can see from the default main.cf configuration we talked about before, this parameter has two objectives:
■ To allow all relays from machines that are in mynetworks
■ To deny all other relays using the reject_unauth_destination (reject all unauthorized connections) clause

Postfix also allows relaying to any domain listed in relay_domains. By default, this parameter contains the value of the $mydomain parameter, which by default is your machine’s configured domain. If you use the default setting, any untrusted sender (not in mynetworks) can relay mail through Postfix to any user at $mydomain. The reason for this default is that it makes Postfix accept mail for the domain it is hosting.
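
The relay decision described above can be checked against a candidate mynetworks value before it is deployed. The following is an added example, not Postfix code or part of the original article: a simplified Python model of the trusted-network check followed by reject_unauth_destination, where the function names, the sample client addresses, and example.com standing in for $mydomain are all assumptions.

```python
import ipaddress

def parse_networks(value):
    """Parse a main.cf style, comma-separated mynetworks value."""
    return [ipaddress.ip_network(n.strip()) for n in value.split(",") if n.strip()]

def relay_decision(client_ip, rcpt, mynetworks, relay_domains):
    """Simplified model of the two objectives in the article:
    permit clients in mynetworks, otherwise apply reject_unauth_destination.
    Returns (action, reason). Assumption: exact domain match only."""
    ip = ipaddress.ip_address(client_ip)
    for net in parse_networks(mynetworks):
        if ip in net:
            return ("permit", f"client in mynetworks ({net})")
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in {d.lower() for d in relay_domains}:
        return ("permit", f"recipient domain {domain} is in relay_domains")
    return ("reject", "reject_unauth_destination: relay access denied")

# Network values from the article; example.com is a placeholder for $mydomain.
DEFAULT_NETS = "127.0.0.0/8, 192.168.0.0/24"
FIXED_NETS = "127.0.0.0/8, 192.168.0.0/24, 10.0.0.0/24"
RELAY_DOMAINS = ["example.com"]

# Constructed cases: (client IP, recipient address)
CASES = [
    ("10.0.0.15", "partner@example.org"),    # internal host, external recipient
    ("203.0.113.9", "user@example.com"),     # untrusted host, hosted domain
    ("203.0.113.9", "someone@example.org"),  # untrusted host, external recipient
]

if __name__ == "__main__":
    for label, nets in (("default", DEFAULT_NETS), ("fixed", FIXED_NETS)):
        for ip, rcpt in CASES:
            action, reason = relay_decision(ip, rcpt, nets, RELAY_DOMAINS)
            print(f"{label:8} {ip:12} -> {rcpt:22} {action}: {reason}")
```

The same function can be used to confirm that a proposed mynetworks value does not cover address ranges you do not control, since every client inside it may relay to any destination.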
